mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 1217156 - Add a pref to turn on/off insecure password warnings. Keep it on for Nightly and off for other builds. Will be turned on for dev edition after a few bug fixes. r=bgrins
This commit is contained in:
parent
7ccb15930d
commit
29e1a19e70
@ -1430,6 +1430,13 @@ pref("dom.identity.enabled", false);
|
||||
// Block insecure active content on https pages
|
||||
pref("security.mixed_content.block_active_content", true);
|
||||
|
||||
// Show degraded UI for http pages with password fields
|
||||
#ifdef NIGHTLY_BUILD
|
||||
pref("security.insecure_password.ui.enabled", true);
|
||||
#else
|
||||
pref("security.insecure_password.ui.enabled", false);
|
||||
#endif
|
||||
|
||||
// 1 = allow MITM for certificate pinning checks.
|
||||
pref("security.cert_pinning.enforcement_level", 1);
|
||||
|
||||
|
@ -6927,6 +6927,13 @@ var gIdentityHandler = {
|
||||
return this._state & Ci.nsIWebProgressListener.STATE_LOADED_MIXED_DISPLAY_CONTENT;
|
||||
},
|
||||
|
||||
get _hasInsecureLoginForms() {
|
||||
// checks if the page has been flagged for an insecure login. Also checks
|
||||
// if the pref to degrade the UI is set to true
|
||||
return LoginManagerParent.hasInsecureLoginForms(gBrowser.selectedBrowser) &&
|
||||
Services.prefs.getBoolPref("security.insecure_password.ui.enabled");
|
||||
},
|
||||
|
||||
// smart getters
|
||||
get _identityPopup () {
|
||||
delete this._identityPopup;
|
||||
@ -7257,7 +7264,7 @@ var gIdentityHandler = {
|
||||
this._identityBox.classList.add("weakCipher");
|
||||
}
|
||||
}
|
||||
if (LoginManagerParent.hasInsecureLoginForms(gBrowser.selectedBrowser)) {
|
||||
if (this._hasInsecureLoginForms) {
|
||||
// Insecure login forms can only be present on "unknown identity"
|
||||
// pages, either already insecure or with mixed active content loaded.
|
||||
this._identityBox.classList.add("insecureLoginForms");
|
||||
@ -7301,7 +7308,7 @@ var gIdentityHandler = {
|
||||
|
||||
// Determine if there are insecure login forms.
|
||||
let loginforms = "secure";
|
||||
if (LoginManagerParent.hasInsecureLoginForms(gBrowser.selectedBrowser)) {
|
||||
if (this._hasInsecureLoginForms) {
|
||||
loginforms = "insecure";
|
||||
}
|
||||
|
||||
|
@ -18,6 +18,10 @@ function waitForInsecureLoginFormsStateChange(browser, count) {
|
||||
* Checks the insecure login forms logic for the identity block.
|
||||
*/
|
||||
add_task(function* test_simple() {
|
||||
yield new Promise(resolve => SpecialPowers.pushPrefEnv({
|
||||
"set": [["security.insecure_password.ui.enabled", true]],
|
||||
}, resolve));
|
||||
|
||||
for (let scheme of ["http", "https"]) {
|
||||
let tab = gBrowser.addTab(scheme + testUrlPath + "form_basic.html");
|
||||
let browser = tab.linkedBrowser;
|
||||
|
Loading…
Reference in New Issue
Block a user